cbcvebase.
CVE-2025-41240
published 2025-07-24

Priority: P2 · 71
Severity: critical · 10 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
EPSS: 0.70% (48.4th percentile)

Three Bitnami Helm charts mount Kubernetes Secrets under a predictable path (/opt/bitnami/*/secrets) that is located within the web server document root. In affected versions, this can lead to unauthenticated access to sensitive credentials via HTTP/S. A remote attacker could retrieve these secrets by accessing specific URLs if the application is exposed externally. The issue affects deployments using the default value of usePasswordFiles=true, which mounts secrets as files into the container filesystem.

Affected

3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| vmware | bitnamicharts_appsmith | 21.2.0 – 22.0.4 | |
| vmware | bitnamicharts_drupal | >= 5.2.0 < 6.0.19 | 6.0.19 |
| vmware | bitnamicharts_wordpress | >= 24.2.0 < 25.0.4 | 25.0.4 |